115 matches found
CVE-2025-55191 Repository Credentials Race Condition Crashes Argo CD Server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when...
CVE-2025-55191 Repository Credentials Race Condition Crashes Argo CD Server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when...
CVE-2025-55191
CVE-2025-55191 affects Argo CD up to several release lines (2.14.19, 3.1.7, 3.0.18, etc.). The issue is a race condition in the repository credentials handler (repository_secrets.go) that can cause the Argo CD server to panic and crash when concurrent operations touch the same repository URL. A v...
GHSA-G88P-R42R-PPP9 Repository Credentials Race Condition Crashes Argo CD Server
Summary: A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details: The vulnerability is located in numerous repository related handlers in the util/db/repository_secrets.go file...
Repository Credentials Race Condition Crashes Argo CD Server
Summary: A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details: The vulnerability is located in numerous repository related handlers in the util/db/repository_secrets.go file...
Argo CD Race Condition Vulnerability
Argo CD is Argo's open source declarative GitOps continuous delivery tool for Kubernetes. Argo CD has a race condition vulnerability in the repository credentials handler that could lead to a denial-of-service attack. The following...
PT-2025-40043
Summary: A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details: The vulnerability is located in numerous repository related handlers in the util/db/repository_secrets.go fil...
PT-2025-40034
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.1.0 through 2.14.19; Argo CD versions 3.0.0-rc1 through 3.0.18; Argo CD versions 3.1.0-rc1 through 3.1.7; Argo CD version 3.2.0-rc1. Description: Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, is susceptib...
SUSE CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
BIT-ARGO-CD-2025-55190 Argo CD: Project API Token Exposes Repository Credentials
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords...
GO-2025-3934 Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd
Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd...
PT-2025-36652
Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...
CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
CVE-2025-55190
Argo CD vulnerability CVE-2025-55190: In multiple releases of Argo CD, API tokens with project-level permissions can retrieve sensitive repository credentials via the project details API endpoint, even when tokens lack explicit access to secrets. The issue affects versions 2.13.0–2.13.8, 2.14.0–2...